> > I fail to see why system accounts should be shared across
networks and
> > why there is any need to force unique UIDs on them.
>
> ok, some examples:
>
> * 'vdr' and 'vdradmin' (from livna) are running on different hosts
as
> the 'vdr:video' user. Both share configuration files and data which is
> exported by NFS
Then these UID/GIDs probably better should be ordinary uids, instead of
system-user ids.

These users are created by an rpm, this package contains files owned by
them and they are set in global configuration files. So, they must be
system accounts.

> * some data in a shared filesystem which shall be read by apache
only
> but not by other users -> all affected machines will need the same
> uid/gid for apache
To me this is a classical case of a customized network setup. It's the
admin's responsibility to synchronize the uids.

There is no way to see whether an rpm package creates an account or to
determine the parameters of this account.

> * it is confusing and unesthetically when users are having
different
> identities
Let me turn this coin around: You are trying to be stylish and seem to
be trying to project your personal conventions to the public.
You are missing:
* These points are irrelevant in heterogenious networks. Each OS has
different conventions, so any convention is always somehow wrong and
requires hand-crafting.

The uid/gid concept exists on all Posix compliant systems. 'fedora-usermgmt'
would work fine e.g. on Solaris also.

* Using fixed uids unnecessarily restricts the number of available
uids.
You will sooner or later face the problems of all fixed-table based
configuration approaches.

I do not expect that the number of registered UIDs reaches a range where
this is critical. And when you have really an environment without a free
range of perhaps 1000-2000 uids, then write your own 'fedora-usermgmt'
backend which calculates the resulting UID in a clever way.

> It is easy to create users with predictable uids and
fedora-usermgmt
> offers a simple method doing this. I am not aware of any drawbacks,
> it solves the problem of unpredictable uids and without explicit
> configuration it is transparent to users because it has the same
> behavior as plain 'useradd' then. So I do not see reasons why it
> should not be used.
Frankly speaking, I am no friend of fedora-usermgmt. To the same extent
it might help you, it interferes with my demands.

Where does it interferes with your demands? When you did nothing
(used fedora-usermgmt out-of-the-box), there is no difference to the
plain 'useradd'. When you did something, you did it wrong perhaps or
encountered a bug in fedora-usermgmt.
Enrico